add ssl_no_compression option to allow one to disable OpenSSL compression.

2013-08-07 16:59:45 +02:00 · 2013-08-07 16:59:45 +02:00 · bbfbfc4c61
parent 429768ba37
commit bbfbfc4c61
4 changed files with 18 additions and 0 deletions
--- a/includes/kore.h
+++ b/includes/kore.h
@ -230,6 +230,7 @@ extern char	*kore_pidfile;
 extern char	*config_file;
 extern char	*kore_ssl_cipher_list;
 extern DH	*ssl_dhparam;
+extern int	ssl_no_compression;

 extern u_int8_t			nlisteners;
 extern u_int64_t		spdy_idle_time;
--- a/modules/example/module.conf
+++ b/modules/example/module.conf
@ -34,6 +34,9 @@ load modules/example/example.module
 # a generated DH key (See OpenSSL dhparam).
 #ssl_dhparam	dh2048.pem

+# Set this if you want to disable SSL zlib compression.
+#ssl_no_compression
+
 # Specify the amount of seconds a SPDY connection is kept open.
 # You can keep it open indefinately by setting this to 0.
 #spdy_idle_time		120
--- a/src/config.c
+++ b/src/config.c
@ -35,6 +35,7 @@ static int		configure_certkey(char **);
 static int		configure_max_connections(char **);
 static int		configure_ssl_cipher(char **);
 static int		configure_ssl_dhparam(char **);
+static int		configure_ssl_no_compression(char **);
 static int		configure_spdy_idle_time(char **);
 static void		domain_sslstart(void);

@ -49,6 +50,7 @@ static struct {
 	{ "dynamic",			configure_handler },
 	{ "ssl_cipher",			configure_ssl_cipher },
 	{ "ssl_dhparam",		configure_ssl_dhparam },
+	{ "ssl_no_compression",		configure_ssl_no_compression },
 	{ "spdy_idle_time",		configure_spdy_idle_time },
 	{ "domain",			configure_domain },
 	{ "chroot",			configure_chroot },
@ -203,6 +205,14 @@ configure_ssl_dhparam(char **argv)
 	return (KORE_RESULT_OK);
 }

+static int
+configure_ssl_no_compression(char **argv)
+{
+	ssl_no_compression = 1;
+
+	return (KORE_RESULT_OK);
+}
+
 static int
 configure_spdy_idle_time(char **argv)
 {
--- a/src/domain.c
+++ b/src/domain.c
@ -19,6 +19,7 @@
 struct kore_domain_h		domains;
 struct kore_domain		*primary_dom = NULL;
 DH				*ssl_dhparam = NULL;
+int				ssl_no_compression = 0;

 void
 kore_domain_init(void)
@ -78,6 +79,9 @@ kore_domain_sslstart(struct kore_domain *dom)
 		SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_SINGLE_DH_USE);
 	}

+	if (ssl_no_compression)
+		SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_NO_COMPRESSION);
+
 	SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
 	SSL_CTX_set_cipher_list(dom->ssl_ctx, kore_ssl_cipher_list);
 	SSL_CTX_set_mode(dom->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);